OSD - Unknown Computer Support - Reassure me!

[SM17]

Hi,

 

Im testing SCCM 2012R2 and have learnt alot from this website and the guides written on it!

 

I have just gotten around to testing an OSD to a laptop completely unknown to SCCM.

 

Finally got it to PXE boot only after checking "Enable unknown computer support" in the DP properties.

 

I published my Task Sequence to All Unknown Computers.

 

Now im worried that if somebody brings in a device and for some reason its set to PXE boot they are going to get an OSD!

 

Is this correct?

 

If so whats the best way to set it up so completely unknown devices to SCCM are able to get an OSD if they actually need it but dont automatically get it by default if for whatever reason they are set to PXE boot.

 

Id hate for say a clients manager come in, plug his laptop into our wall jack for instance and fire it up and start the OSD (chances of his device ceing set to PXE boot first permitting of course)

 

Should i be creating a new collection and then importing unknown computers into it specifing their MAC address and publishing my Task Sequence to that collection rather than All Unknown Computers?

 

Thanks for your thoughts in advance.

[Garrett804]

you can avoid this by putting a password requirement.

 

The password option is under the PXE tab for the Distribution Point.

[pembertj]

On our campus we just add a password to the boot environment (same screen in the console where you enable unknown computer support on the distribution point). Rotate it frequently if you are worried about too many people knowing the password.

 

We don't do this on our campus but other people take an approach similar to what you mentioned - disable unknown computer support, and when you get a "new" computer manually import the computer into SCCM (so it is no longer unknown) and drop it into a collection that can see the task sequences.

[SM17]

The password option though would presumably limit when the OSD could be done to just Office hours?

 

Think ill go down the import route to a seperate collection as i manually distribute new machines to relevant DHCP IP pools anyway via MAC address so its just a little extra work to add it into SCCM too, but ill sleep easier knowing only devices i know about and have control over will/could/can PXE OSD boot!

[Garrett804]

The password is 24/7/365 for the boot environment. If you don't type it correctly you don't get access to your task sequences for imaging.

[Adam Bise]

If any OSD task sequence is deployed to all unknown computers, I would most certainly advise using a PXE password.

 

You will need to decide on what works best for you. How many new systems will you be bringing in vs how many existing systems will need to run required task sequences.

 

You can always delete the unknown computer deployment, remove the PXE password, deploy your required task sequences to other collections, and then when you get a big load of new systems, re-enable the PXE password and re-deploy your TS to unknown computers.